Facebook Instagram Tiktok Youtube
onetravelworld.com

WhatsApp

+94 70 797 2233

0
Your Cart
No products in the cart.
Start Booking

Last Update: 20 April 2026

Data Controller

One Travel Word acts as the Data Controller for all personal data collected and processed in connection with travel services.

Personal Data We Collect

We may collect and process:

  • Identification data (name, passport details, nationality)
  • Contact details (email, phone number, address)
  • Travel details (itinerary, preferences, special requests)
  • Payment-related information
  • Health information (only where necessary for travel arrangements)

Legal Basis for Processing

We process personal data under the following lawful bases:

  • Contractual necessity (to deliver booked services)
  • Legal obligations (immigration, tax, regulatory requirements in Sri Lanka)
  • Legitimate interests (service improvement, fraud prevention)
  • Consent (for marketing or sensitive data where required)

Legal Basis for Processing

We process personal data under the following lawful bases:

  • Contractual necessity (to deliver booked services)
  • Legal obligations (immigration, tax, regulatory requirements in Sri Lanka)
  • Legitimate interests (service improvement, fraud prevention)
  • Consent (for marketing or sensitive data where required)

Use of Personal Data

Your data is used to:

  • Process bookings and reservations
  • Arrange hotels, transport, and tours
  • Communicate travel updates
  • Meet legal and regulatory requirements

Data Sharing

We may share data with:

  • Hotels, transport providers and guides
  • Payment processors
  • Government authorities (e.g., immigration/security)
  • IT and system providers

All third parties are required to:

  • Process data securely
  • Use it only for specified purposes

International Data Transfers

As part of delivering services in Sri Lanka:

  • Personal data may be transferred outside the legal region
  • Appropriate safeguards (contractual protections) are applied where required

Data Retention

We retain personal data only for:

  • As long as necessary to fulfill services
  • Legal, tax, and regulatory compliance periods
  • Legitimate business purposes

After this, data is securely deleted or anonymized.

Data Security

We implement appropriate technical and organizational measures, including:

  • Secure servers and encryption where applicable
  • Restricted access to personal data
  • Staff confidentiality obligations

Your Rights (GDPR-Aligned)

Clients (especially EU/EEA residents) have the right to:

  • Access their personal data
  • Correct inaccurate data
  • Request deletion (“right to be forgotten”)
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time

Requests can be made via: info@onetravelworld.com

Marketing Communications

  • Guests will only receive marketing communications
  • You may unsubscribe at any time via email or link provided

Cookies & Website Tracking

  • If applicable, the Company website may use:

    • Cookies
    • Analytics tools

    Users can manage cookie preferences via browser settings.

Data Breach Notification

  • In the event of a data breach:

    • The Company will take immediate corrective action
    • Affected individuals will be notified where required by law

Consent

  • By using our services, guests:

    • Acknowledge this Privacy Policy
    • Consent to the collection and processing of personal data as described